[release-4.13] OCPBUGS-33280: Route 'haproxy.router.openshift.io/timeout' value is not validated

[openshift-cherrypick-robot]

This is an automated cherry-pick of #568

/assign Miciah

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-30773 has been cloned as Jira Issue OCPBUGS-33280. Will retitle bug to link to clone. /retitle [release-4.13] OCPBUGS-33280: OCPBUGS 6958 backport to 4.14

In response to [this](https://github.com/openshift/router/pull/591): >This is an automated cherry-pick of #568 > >/assign Miciah Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-33280, which is invalid:

• release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"
• expected dependent Jira Issue OCPBUGS-30773 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/router/pull/591): >This is an automated cherry-pick of #568 > >/assign Miciah Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[openshift-ci[bot]]

@openshift-cherrypick-robot: all tests passed!

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes/test-infra](https://github.com/kubernetes/test-infra/issues/new?title=Prow%20issue:) repository. I understand the commands that are listed [here](https://go.k8s.io/bot-commands).

[candita]

/retitle [release-4.13] OCPBUGS-33280: Route 'haproxy.router.openshift.io/timeout' value is not validated

[candita]

/assign

[candita]

/jira refresh

[openshift-ci-robot]

@candita: This pull request references Jira Issue OCPBUGS-33280, which is invalid:

• expected dependent Jira Issue OCPBUGS-30773 to be in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but it is ON_QA instead

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to [this](https://github.com/openshift/router/pull/591#issuecomment-2096556131): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[candita]

/jira refresh

[openshift-ci-robot]

@candita: This pull request references Jira Issue OCPBUGS-33280, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.13.z) matches configured target version for branch (4.13.z) * bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST) * release note text is set and does not match the template * dependent bug [Jira Issue OCPBUGS-30773](https://issues.redhat.com//browse/OCPBUGS-30773) is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA)) * dependent [Jira Issue OCPBUGS-30773](https://issues.redhat.com//browse/OCPBUGS-30773) targets the "4.14.z" version, which is one of the valid target versions: 4.14.0, 4.14.z * bug has dependents

Requesting review from QA contact: /cc @lihongan

In response to [this](https://github.com/openshift/router/pull/591#issuecomment-2099213620): >/jira refresh Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[lihongan]

/label qe-approved

verified with per-merge testing

$ oc get clusterversion
NAME      VERSION                                                   AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.13.0-0.ci.test-2024-05-08-031117-ci-ln-fnjbk42-latest   True        False         9m46s   Cluster version is 4.13.0-0.ci.test-2024-05-08-031117-ci-ln-fnjbk42-latest

### create pod,svc,route and annotate `haproxy.router.openshift.io/timeout` with various value

### review the router log
$ oc -n openshift-ingress get pod
NAME                              READY   STATUS    RESTARTS   AGE
router-default-5f98f85d8b-6dhd4   1/1     Running   0          39m
router-default-5f98f85d8b-84vmc   1/1     Running   0          39m

I0508 03:55:53.066984       1 template_helper.go:340] template "msg"="route annotation timeout exceeds maximum allowable format, clipping to 2147483647ms" "input"="100000000000s"

I0508 04:01:06.516190       1 template_helper.go:353] template "msg"="route annotation timeout exceeds maximum allowable by HAProxy, clipping to 2147483647ms" "input"="106751d"

I0508 04:02:23.020550       1 template_helper.go:340] template "msg"="route annotation timeout exceeds maximum allowable format, clipping to 2147483647ms" "input"="106752d"

I0508 04:03:09.793814       1 template_helper.go:340] template "msg"="route annotation timeout exceeds maximum allowable format, clipping to 2147483647ms" "input"="9223372036854776us"

I0508 04:04:26.411049       1 template_helper.go:340] template "msg"="route annotation timeout exceeds maximum allowable format, clipping to 2147483647ms" "input"="18446744073709551615us"

[openshift-ci-robot]

@openshift-cherrypick-robot: This pull request references Jira Issue OCPBUGS-33280, which is valid.

7 validation(s) were run on this bug

* bug is open, matching expected state (open) * bug target version (4.13.z) matches configured target version for branch (4.13.z) * bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, POST) * release note text is set and does not match the template * dependent bug [Jira Issue OCPBUGS-30773](https://issues.redhat.com//browse/OCPBUGS-30773) is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA)) * dependent [Jira Issue OCPBUGS-30773](https://issues.redhat.com//browse/OCPBUGS-30773) targets the "4.14.z" version, which is one of the valid target versions: 4.14.0, 4.14.z * bug has dependents

Requesting review from QA contact: /cc @lihongan

In response to [this](https://github.com/openshift/router/pull/591): >This is an automated cherry-pick of #568 > >/assign Miciah Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[lihongan]

/label cherry-pick-approved

[frobware]

/approve /lgtm

[openshift-ci[bot]]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: frobware

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/openshift/router/blob/release-4.13/OWNERS)~~ [frobware] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment

[candita]

@Miciah's assessment of backport risk from the backport to 4.14 in https://github.com/openshift/router/pull/568:

The change is scoped to the clipHAProxyTimeoutValue template helper function. This function is somewhat performance-sensitive and security-critical. However, it already has good unit test coverage for valid and invalid values, and this change increases test coverage with additional syntactically invalid and out-of-range test values; and the code complexity is not increased by this change (and pre-compiling time.ParseDuration(haproxyMaxTimeout) should improve performance). I believe the risk is acceptable.

/label backport-risk-assessed

[openshift-ci-robot]

@openshift-cherrypick-robot: Jira Issue OCPBUGS-33280: All pull requests linked via external trackers have merged:

• openshift/router#591

Jira Issue OCPBUGS-33280 has been moved to the MODIFIED state.

In response to [this](https://github.com/openshift/router/pull/591): >This is an automated cherry-pick of #568 > >/assign Miciah Instructions for interacting with me using PR comments are available [here](https://prow.ci.openshift.org/command-help?repo=openshift%2Frouter). If you have questions or suggestions related to my behavior, please file an issue against the [openshift-eng/jira-lifecycle-plugin](https://github.com/openshift-eng/jira-lifecycle-plugin/issues/new) repository.

[openshift-bot]

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-haproxy-router-base-container-v4.13.0-202405081640.p0.gd8cccd4.assembly.stream.el8 for distgit ose-haproxy-router-base. All builds following this will include this PR.

[candita]

/cherry-pick release-4.12

[openshift-cherrypick-robot]

@candita: new pull request created: #593

In response to [this](https://github.com/openshift/router/pull/591#issuecomment-2101802339): >/cherry-pick release-4.12 Instructions for interacting with me using PR comments are available [here](https://git.k8s.io/community/contributors/guide/pull-requests.md). If you have questions or suggestions related to my behavior, please file an issue against the [kubernetes-sigs/prow](https://github.com/kubernetes-sigs/prow/issues/new?title=Prow%20issue:) repository.

[openshift-merge-robot]

Fix included in accepted release 4.13.0-0.nightly-2024-05-09-130302